Cisco CCNA 200-301 – STP – Spanning Tree Protocol Part 4

  1. Verification – show mac address-table

Another command you can use to check the path that traffic is taking through your Layer 2 network is show mac address-table. For this example we're going to check the path that traffic takes from PC1 to R1. You can see in the diagram that it should go from PC1 to Access 3 to CD1 to R1. So let's verify that.

So I go onto R1 and I do a show interface for Gig 0/1 to find out the MAC address, because I'm going to check the path traffic takes from PC1 to that interface with IP address 1010 two. In the example I can see that the MAC address ends in 2D2. I then go onto the first hop switch, which is Access 3, and I do a show mac address-table. I see the entry there for VLAN 1 for the MAC address ending in 2D2, which is that interface on R1, and the outgoing port is Fast 0/24, going towards CD1, which is what I expected. I then go onto the next hop, CD1, and I do a show mac address-table there, and I can see that the MAC address was learned on interface Gig 0/1. So again that was what I expected, going directly to R1.

Okay, let's also check this in the lab for traffic going from PC2 to R1. You can see from the diagram that we expect the traffic to go from PC2 to Access 4 to CD2 to Access 3 to CD1 and then to R1. So first off, let's go onto R1 and check the MAC address.

So I need to open it up in Packet Tracer here. I'll go to the command line and do a show interface Gig 0/1. That's the interface with IP address 1010 two, and I can see that, yes, the MAC address ends in 2D2. Then I will go onto PC2 and open up a command prompt on here. I'll clear my ARP cache first and then I'll ping ten two to generate some traffic so that the switches in the path will learn the MAC address. Then, looking at the topology diagram, PC2's first hop is Access 4, and I expect that the traffic will go out interface Fast 0/24. So let's go onto the Access 4 switch and do a show mac address-table on here.

Look for the entry for 2D2, and yes, the traffic is going out Fast 0/24. That will go to CD2, and I expect the traffic on CD2 to go out interface Fast 0/21. So let's check that. A show mac address-table on here, look for the entry for 2D2, and yes, it is going out interface Fast 0/21. The next hop, well, I know it's going to hit Access 3 because it's come out Fast 0/21 on CD2. On Access 3, I expect it to be forwarded out Fast 0/24 to CD1. So let's check that on Access 3, if I can find the switch in here. There we go. Okay, so on Access 3, show mac address-table, and 2D2, yes, is on Fast 0/24. And finally the last hop is going to be CD1. It should be on interface Gig 0/1. So let's go onto CD1 and do a show mac address-table on here. And there it is: 2D2, yes, it is going out interface Gig 0/1.

So that's how you can verify the spanning tree, by mapping out your root ports, your designated ports and your alternate blocking ports, and also how you can use the show mac address-table command to verify that traffic will be going through that path.

Now if we have a look at the topology diagram again here, you maybe noticed a problem with the traffic from PC2, in that it was pinging all over the network. It wasn't going through the most direct path. In real-world networks, we're definitely going to want traffic to go along the shortest path to make things as efficient as possible. In the next lecture, we're going to cover how you do that by manipulating where the root bridge is.
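The hop-by-hop check above can be scripted. This is an added example, not part of the lecture: it parses show mac address-table output from each switch and follows the learned port for one MAC until it leaves the switched path. The table text and the MAC address are constructed, and the switch names and uplink map are assumptions read off the path the lecture describes.

```python
import re

# Constructed "show mac address-table" output for each switch on the PC2 -> R1 path.
# The MAC 00d0.bc11.c2d2 is made up (it only mirrors the "ends in 2D2" detail).
HDR = "Vlan    Mac Address       Type        Ports\n----    -----------       --------    -----\n"
TABLES = {
    "Access4": HDR + "   1    0001.9622.0a01    DYNAMIC     Fa0/1\n"
                     "   1    00d0.bc11.c2d2    DYNAMIC     Fa0/24\n",
    "CD2":     HDR + "   1    00d0.bc11.c2d2    DYNAMIC     Fa0/21\n",
    "Access3": HDR + "   1    00d0.bc11.c2d2    DYNAMIC     Fa0/24\n",
    "CD1":     HDR + "   1    00d0.bc11.c2d2    DYNAMIC     Gig0/1\n",
}
# Device at the far end of each port, taken from the path described in the lecture.
LINKS = {
    ("Access4", "Fa0/24"): "CD2",
    ("CD2", "Fa0/21"): "Access3",
    ("Access3", "Fa0/24"): "CD1",
    ("CD1", "Gig0/1"): "R1",
}
ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def parse_table(text):
    """Return {(vlan, mac): port}; header and separator lines do not match ROW."""
    entries = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, _type, port = m.groups()
            entries[(int(vlan), mac.lower())] = port
    return entries

def trace(first_switch, vlan, mac, tables=TABLES, links=LINKS):
    """Follow the port each switch learned `mac` on; return (hops, end device)."""
    hops, switch, seen = [], first_switch, set()
    while switch in tables:
        if switch in seen:
            raise RuntimeError(f"forwarding loop: {switch} visited twice")
        seen.add(switch)
        port = parse_table(tables[switch]).get((vlan, mac.lower()))
        if port is None:
            raise LookupError(f"{switch} has not learned {mac} in VLAN {vlan}")
        hops.append((switch, port))
        switch = links.get((switch, port))  # None when the port is not a known uplink
    return hops, switch

if __name__ == "__main__":
    hops, end = trace("Access4", 1, "00D0.BC11.C2D2")
    print(" -> ".join(f"{s}[{p}]" for s, p in hops), "->", end)
```

A LookupError here corresponds to the case the lecture avoids by pinging first: a switch that has not yet seen traffic from the address has no entry to follow.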

  1. Manipulating the Root Bridge Election

In this lecture you'll learn about manipulating the spanning tree root bridge election. Because spanning tree selects paths pointing towards and away from the root bridge for forwarding traffic along, the root bridge acts as a center point of the LAN. Best practice is to ensure that a pair of high-end core switches are selected as the first and second most preferred root bridge. You can manipulate the root bridge election by setting the bridge priority on your switches. The default value is 32768 and the lowest number is preferred. In the case of a tie, the switch with the lowest MAC address will be selected. So if you do not manually set the bridge priority on your switches, they're all going to default to 32768 and the switch with the lowest MAC address will be the root bridge, and that is liable to be the oldest switch in your network. If you think about it, whenever Cisco makes a new switch we're going to increment the MAC address on there. So the lowest MAC address is probably going to be the oldest switch. So that is likely to give you suboptimal root bridge selection.

In our example here, all switches have been left with the default bridge priority. You'd be surprised at how often this does actually happen in production networks, because spanning tree works just fine out of the box, and in a lot of networks the administrators don't touch it at all. They just leave it as is. And that can lead to the problem that you see here. So in our example the switch with the lowest MAC address becomes the root bridge, and that happens to be the old switch that we've got in the warehouse down in the bottom right. That old warehouse switch has got low-bandwidth links, so it's maybe got Fast Ethernet links compared to Gigabit Ethernet or better elsewhere, and it's old, so it's got limited CPU and memory resources. To check this, I go onto a switch, which happens to be the warehouse switch, and I do a show spanning-tree vlan 1, and I can see that this bridge is the root and the priority is the default of 32768.

Let's now look at the actual paths that traffic will take throughout our network. In the diagram now I've removed links that have got blocking ports on them, so this shows the spanning tree that traffic is going to be forwarded over. Let's see what would happen if we had a PC that was connected into the Access 1 switch on the left and it sent traffic to the Access 3 switch over near the right-hand side. So the PC connected to Access 1 sends some traffic in with a destination address of the other PC. Access 1 will send it to Distribution 2. It will then go to Core 1, then Distribution 3, then Access 4, then the warehouse and then Access 3. So it's pinging around all over the network and going via the warehouse switch, and it's seven hops in total.

So that's really suboptimal root bridge selection there. All traffic between different pairs of distribution switches will go over an indirect path and transit that old switch in the warehouse. That's likely to congest its links, overwhelm its CPU and RAM and of course lead to suboptimal performance. So what we should have done was configure the root bridge to be sitting on one of our core switches so that all traffic is going to go through that path instead. The way that you set this is in global config on the switch that you want to be the root bridge: spanning-tree vlan 1 root primary. You can have different switches being the root bridge for different VLANs. Here we're using VLAN 1 for our example. When you put that command in, it sets a bridge priority of 24576, which is better than the default bridge priority. So it is manipulating the election so that this switch will be elected as the root bridge. To verify it, I go onto Core 1, do my usual command, show spanning-tree vlan 1, and I can see the message that this bridge is the root and I can see the priority is 24576.

If we now look at the spanning tree, that's what you can see in the diagram here. Again, we've set the core bridge as the root bridge, and I've taken out all of the links that have got blocking ports on there. If we now send traffic from a PC connected into Access 1 to another PC that's connected to Access 3, the path it will go along is Access 1 to Distribution 2 to Core 1 to Distribution 4 to Access 3. So you can now see it's only five hops, as compared to the seven hops that we had before. It's going along the most direct path, which is going through the core. So that is much more optimal root bridge placement. For the same example, if the Core 1 switch fails, we want to ensure that traffic still goes through the most direct centralized path.

So to do that, we need to configure Core 2 to be the next most preferred root bridge. If we didn't do that and Core 1 went down, when we had that outage we would be back to the warehouse being the root bridge again. So we want to avoid that. We always want traffic to be going through the core. So to do that, we go on the command line on Core 2 and we say spanning-tree vlan 1 root secondary. So it's root primary on the switch you want to be the root bridge, and it's root secondary on the switch that you want to be the backup. That sets a bridge priority of 28672. If we go back a couple of slides, you'll see that for the primary it's 24576, and for the secondary it's 28672. Here I've gone onto Core 2 to verify it with a show spanning-tree vlan 1. Again, the same command that we always use here. I can see that the root bridge is still on Core 1 and that this has got the next best priority. So this will be the secondmost.
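The election rules from this lecture can be turned into an audit over a switch inventory. This is an added example, not part of the lecture: it elects the root by lowest priority and then lowest MAC, simulates the intended root failing, and reports where the result differs from the design. The switch names loosely follow the lecture's diagram and the MAC addresses are constructed.

```python
import re

DEFAULT = 32768  # default bridge priority quoted in the lecture
# Constructed inventory: every switch at the default priority, MAC addresses made up.
SWITCHES = {
    "Core1":     (DEFAULT, "00d0.9700.1a01"),
    "Core2":     (DEFAULT, "00d0.9700.1b02"),
    "Dist2":     (DEFAULT, "0060.5c00.2c03"),
    "Access1":   (DEFAULT, "0060.5c00.3d04"),
    "Warehouse": (DEFAULT, "0001.4200.0e05"),  # oldest switch, lowest MAC
}

def bridge_id(priority, mac):
    """Comparable bridge ID: priority first, MAC as the tie-breaker; lowest wins."""
    return (priority, int(re.sub(r"[^0-9a-f]", "", mac.lower()), 16))

def elect_root(switches, failed=()):
    """Name of the root bridge among the switches that are still up."""
    alive = {n: v for n, v in switches.items() if n not in failed}
    return min(alive, key=lambda n: bridge_id(*alive[n]))

def with_priority(switches, **overrides):
    """Copy of the inventory with new priorities, e.g. Core1=24576 for root primary."""
    return {n: (overrides.get(n, p), m) for n, (p, m) in switches.items()}

def audit(switches, want_root, want_backup):
    """List the ways the election differs from the intended primary and backup root."""
    findings = []
    root = elect_root(switches)
    if root != want_root:
        findings.append(f"root is {root}, expected {want_root}")
    backup = elect_root(switches, failed=(want_root,))
    if backup != want_backup:
        findings.append(f"if {want_root} fails, root moves to {backup}, expected {want_backup}")
    if switches[root][0] == DEFAULT:
        findings.append(f"{root} won on lowest MAC only (priority left at default)")
    return findings

if __name__ == "__main__":
    primary_only = with_priority(SWITCHES, Core1=24576)
    both = with_priority(SWITCHES, Core1=24576, Core2=28672)
    for label, inv in (("defaults", SWITCHES), ("primary only", primary_only), ("primary+secondary", both)):
        print(label, "->", audit(inv, "Core1", "Core2") or "OK")
```

With only root primary configured, the audit still reports the warehouse switch taking over when Core1 fails, which is the outage case the lecture describes.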
